Dell Acquisition of Everdream Complete

December 20, 2007

We are pleased to share the news that Dell Inc., a leading global systems and services company and No. 34 on the Fortune 500, has completed its acquisition of Everdream Corporation. Combining Dell’s scale and resources with Everdream’s industry-leading software development and SaaS platform creates a unique opportunity for partners to benefit quickly from this combination by providing the “gold” standard in global device management to your clients.

Dell’s interest in acquiring Everdream was driven by our industry-leading technology and commitment to the channel. Dell plans to continue building upon Everdream’s portfolio of world-class products and partner ecosystem, providing white-label as well as Dell/Everdream branded products directly to customers through partners without disruption.

As part of the Global Services organization at Dell, we’re in an even stronger position to deliver the great products and services you’ve come to expect from us. You’ll be hearing more from us on our growth and integration in the coming months, but please don’t hesitate to reach out to your Everdream contact or me with any questions, concerns or feedback.

To learn more about the acquisition, please click here.


Adobe Flash Player Flaws Enable Smorgasbord of Exploits

December 20, 2007

Severity: High

19 December, 2007

Summary

  • These vulnerabilities affect: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier, on Windows, OS X, Unix and Linux computers
  • How an attacker exploits them: By enticing one of your users into playing a maliciously crafted Flash (.SWF) file
  • Impact: Numerous flaws, various results. In the worst case, an attacker could execute code on the victim’s computer, and take control
  • What to do: Deploy Flash Player 9.0.115.0 as soon as possible

Exposure

Adobe Flash Player displays interactive, animated Web content called Flash, often formatted as a Shockwave (.SWF) file. Adobe’s Flash player ships by default with many Web browsers, including Internet Explorer (IE). It also runs on many operating systems.

In yesterday’s alert, Adobe warns of numerous security vulnerabilities in all versions of Flash Player up to and including 9.0.48.0. Some of the vulnerabilities are critical. Adobe doesn’t describe the flaws in detail, simply calling them “input validation flaws.” Input validation is a fancy term for a simple concept: any script or program that accepts input (whether directly from users, or from another program) should check that the input makes sense and is of the type expected. Examples of typical input validation flaws include failure to cut off the input after receiving the expected number of characters, or failure to reject meta-characters that have a special meaning to the program accepting the input.
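As an added illustration of the two flaw classes the alert names (this is not Adobe’s code and says nothing about how Flash Player actually parses .SWF files), the following Python parser for a constructed length-prefixed record checks every declared length against both the input that actually arrived and the bound the consumer expects, and rejects values that carry characters with special meaning downstream. The record layout, MAX_FIELD_LEN, META_CHARS and the sample inputs are assumptions made for the example.

```python
# Generic input-validation example (not Flash Player code): a parser for a
# constructed record format  [len:1][name][len:1][value]  that refuses
# over-long, truncated and meta-character-bearing input instead of trusting it.

MAX_FIELD_LEN = 64                 # assumed: the largest field the consumer can hold
META_CHARS = {"\r", "\n", "\0"}    # assumed: characters that change meaning downstream


class InvalidInput(ValueError):
    """Raised when a record fails validation; callers should drop the record."""


def parse_record(data: bytes) -> dict:
    """Parse one record, enforcing declared lengths and rejecting meta-characters."""
    fields = {}
    pos = 0
    for field_name in ("name", "value"):
        if pos >= len(data):
            raise InvalidInput(f"truncated before {field_name} length byte")
        declared = data[pos]
        pos += 1
        # Flaw class 1: trusting the declared length. Both checks are needed:
        # the length must fit the bound the consumer expects AND the input
        # that actually arrived, otherwise the read runs past the data.
        if declared > MAX_FIELD_LEN:
            raise InvalidInput(f"{field_name} length {declared} exceeds {MAX_FIELD_LEN}")
        if pos + declared > len(data):
            raise InvalidInput(f"{field_name} length {declared} runs past end of input")
        raw = data[pos:pos + declared]
        pos += declared
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            raise InvalidInput(f"{field_name} is not ASCII") from None
        # Flaw class 2: meta-characters. A CR/LF inside a value that is later
        # written into an HTTP header would end one header and start another,
        # so the value is rejected outright rather than "cleaned".
        bad = META_CHARS.intersection(text)
        if bad:
            raise InvalidInput(f"{field_name} contains meta-characters {sorted(bad)}")
        fields[field_name] = text
    if pos != len(data):
        raise InvalidInput(f"{len(data) - pos} trailing bytes after record")
    return fields


def validate(data: bytes) -> str:
    """Return 'ok' or the rejection reason, for batch checks over inputs."""
    try:
        parse_record(data)
        return "ok"
    except InvalidInput as exc:
        return f"rejected: {exc}"


# Constructed sample inputs (not captured data).
GOOD = b"\x04host\x0bexample.com"                    # lengths match the bytes supplied
OVERLONG = b"\x04host\xff" + b"A" * 255              # declares 255 bytes, above MAX_FIELD_LEN
TRUNCATED = b"\x04host\x20short"                      # declares 32 bytes, supplies 5
SPLITTING = b"\x04host\x14a.com\r\nX-Injected: 1"     # CR/LF hidden inside the value

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("overlong", OVERLONG),
                          ("truncated", TRUNCATED), ("splitting", SPLITTING)):
        print(f"{label:10s} {validate(sample)}")
```

The point of the two separate length checks is that each catches a different mistake: comparing against MAX_FIELD_LEN stops an attacker-chosen length from exceeding what the consumer allocated, and comparing against the remaining input stops a short packet from producing a read beyond its end.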

To exploit Flash Player’s flaws, an attacker would create a malicious Shockwave Flash (.SWF) file and entice one of your users into executing it. The file could be hosted on a Web site, or sent via an HTML e-mail, or delivered in other ways via applications that embed Flash. If your user plays the file, Flash’s lack of input validation enables the attacker to pull off a wide range of technical tricks, resulting in possible cross-site scripting, elevation of privileges, HTTP Request splitting, DNS rebinding, and too many other attacks to detail. (See the References section below for papers describing how some of the possible attacks work). Since most Windows administrators grant their users local administrative privileges, an attacker could exploit some of these flaws to gain complete control of a victim’s computer.

Solution Path

Adobe has released new versions of Flash Player to correct these vulnerabilities. We recommend you download and deploy Adobe’s latest Flash Player throughout your network as soon as possible, regardless of the operating system you run it on. Adobe’s web page automatically senses which platform you are using, and proposes a download of the appropriate Flash version.

Note: If you open the download link using Internet Explorer, you’ll see a page that, by default, will send you both the Flash update and Yahoo! Toolbar. We recommend you disable the option of receiving Yahoo! Toolbar, which is not needed for fixing the Flash vulnerability.

Adobe’s Flash Player also ships with other Adobe (and formerly, Macromedia) products. For a complete list of the affected products, and links to get the latest update for each product, see the Details section of their alert.

For All WatchGuard Users:

Some of WatchGuard’s Firebox models allow you to prevent your users from accessing Shockwave Flash files (.SWF) via the web (HTTP) or emails (SMTP, POP3). If you like, you can temporarily mitigate the risk of this vulnerability by blocking .SWF files using your Firebox’s proxy services (instructions below). However, many web sites rely on Flash for interactive content. Blocking Flash prevents these sites from working properly. Note that many popular video streaming sites, such as YouTube and JibJab, deliver video using a Flash front end, so this technique will render many video web sites unusable. To best protect your network from this flaw, you should deploy Adobe’s updated Flash Player.

For Firebox X Edge Users Running Version 8.5:

If you would like to block HTTP requests for Shockwave Flash files, you can learn how in the 12-minute Video Tutorial titled “Outgoing Proxies.” (You’ll find it with the other Firebox X Edge videos located at the bottom of the tutorials page.) With the HTTP proxy setting “Allow only safe content types” enabled, highlight the MIME type “application/x-shockwave-flash,” and click the Remove button.

To prevent attackers from sending a malicious SWF file as an attachment to email, in the POP3 proxy settings, go to Deny Unsafe Filename Patterns and use the Add button to enter *.SWF. These techniques will block all Flash files from arriving via web or email. (Firebox SOHO and earlier Edge devices do not have proxies, and thus this step does not apply to them. Those users should install Adobe’s Flash Player update.)

For Firebox III, X Core, and X Peak Users:

If the practice fits your business environment, you can use the HTTP and SMTP proxies to block .SWF files (note that this method blocks both malicious and legitimate files). Follow the links below for instructions for your specific WatchGuard device.

Status

Adobe released Flash Player version 9.0.115.0, which corrects these issues.

References

Forging HTTP Request Headers with Flash


Apple’s Latest OS X Update Patches More than 30 Holes

December 19, 2007

Severity: High

18 December, 2007

Summary:

  • These vulnerabilities affect: OS X 10.4.x (Tiger) and 10.5.x (Leopard)
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to visit a malicious web site or download and open a booby-trapped file
  • Impact: More than 30 flaws; various results. In the worst case, attacker executes code on your user’s computer, potentially gaining control of it
  • What to do: Install Apple security update 2007-009

Exposure:

Today, Apple released a security update fixing over 30 security issues in software packages that ship as part of OS X 10.4.x and 10.5.x, including Safari, Mail, and iChat. Many of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so we rate this update Critical. Apply it as soon as you can. Some of the fixed vulnerabilities include:

  • Format string vulnerability in Address Book. Address Book is an OS X application that allows you to store and organize your contact information. According to Apple, Address Book suffers from a format string vulnerability involving the way it handles specially malformed URLs. By enticing one of your OS X users to a malicious web site, an attacker can exploit this vulnerability to execute code on your user’s machine, with that user’s privileges. The attacker could then leverage other vulnerabilities (described in Apple’s update) to obtain full control of that user’s machine.
  • ColorSync memory corruption vulnerability. ColorSync is OS X’s color management software. It suffers from an unspecified memory corruption vulnerability involving the way it handles specially crafted ColorSync profiles embedded into image files. By enticing one of your users into opening a malicious image, or into visiting a web site hosting that image file, an attacker can exploit this flaw to execute malicious code on your user’s computers, with that user’s privileges. Again, an attacker could also exploit other flaws (described in Apple’s update) to gain complete control of that user’s machine.
  • Memory corruption vulnerability in Safari RSS. Safari, OS X’s web browser, ships with an RSS component to allow you to subscribe to news feeds like the WatchGuard Wire. Unfortunately, Safari RSS suffers from an unspecified memory corruption vulnerability involving the way it handles maliciously crafted RSS feeds. If an attacker can entice one of your users to visit a malicious RSS feed, he can exploit this flaw to execute code on that user’s computer, then exploit other flaws to gain complete control of that computer.

Apple’s alert includes over 28 more flaws, including many more code execution flaws besides the ones described above. The remaining vulnerabilities also include Denial of Service (DoS) flaws, elevation of privilege flaws, and even a Cross-Site Scripting (XSS) flaw, plus others. Components patched by this security update include:

  • CFNetwork
  • Core Foundation
  • CUPS
  • Desktop Services
  • Flash Player Plug-in
  • GNU tar
  • iChat
  • IO Storage Family
  • Launch Services
  • Mail
  • perl
  • python
  • Quicklook
  • ruby
  • Safari
  • Samba
  • Shockwave Plug-in
  • SMB
  • Software Update
  • Spin Tracer
  • Spotlight
  • tcpdump
  • XQuery

Refer to Apple’s alert for more details.

In a separate bulletin, Apple also fixed an XSS vulnerability in Safari 3 for Windows BETA. For more details, see Apple’s Safari for Windows bulletin. If you use Safari 3 for Windows on your network, install the patch.

Solution Path:

Apple has released updates to fix these vulnerabilities for both OS X 10.4.11 and 10.5.1. Apple OS X administrators should download, test, and deploy the appropriate updates as soon as possible.

Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X’s Software Update utility automatically pick the correct update for you.

For All Users:

These flaws support diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). The most secure course of action is to install the updates.

Status:

Apple released updates to fix these issues.

References:


TechSoup Stock New Product Alert – December 2007

December 19, 2007

This month, I am excited to announce that GiftWorks’ easy-to-use fundraising software is now available through TechSoup Stock.

This new program offers small nonprofits donated or discounted software to help you boost your fundraising efforts.

 

Start the new year off protected with two essential software donations from Symantec: Norton Internet Security 2008 and Backup Exec 11d for Windows Servers.

 

Finally, if you’ve been hoping for a new transceiver module for the holidays, pass this email on to your IT staff: the Cisco Gigabit Ethernet SFP Module has just been added to our popular Cisco donation program.

 

============================================

NOW AVAILABLE: GIFTWORKS FUNDRAISING SOFTWARE
============================================

TechSoup Stock is pleased to partner with GiftWorks to make its fundraising management software available to eligible nonprofits and public libraries in the U.S. and Canada. GiftWorks is designed to meet the needs of small nonprofit organizations, offering software that allows you to track and manage donors and donations; build targeted lists of donors, supporters, and prospects; send mailings; and create reports. (This program was formerly listed on TechSoup Stock under Mission Research.)

 

GiftWorks’ contact management features are targeted to the needs of nonprofit organizations. For example, each donor record contains a social networking section that lists the donor’s connections with organizations and other donors in the database.

In addition, GiftWorks allows users to import records and export transactions to a variety of formats. Users can also update QuickBooks with their GiftWorks donation information in a few steps.

 

GiftWorks offers both donated and discounted software through TechSoup Stock. Donations are available to organizations with annual operating budgets of $25,000 or less for an administrative fee of $25 (as compared to a retail value of $299):

 

* GiftWorks (donated): http://ga0.org/ct/b1LRaAn1tLza/

 

Or, discounted software is available to organizations with annual operating budgets between $25,000 and $50,000 for an administrative fee of $99 (as compared to a retail value of $299):

 

* GiftWorks (discounted): http://ga0.org/ct/gpLRaAn1tLzq/

 

ELIGIBILITY

U.S. 501(c)(3) nonprofits, Canadian charitable and nonprofit organizations, U.S. and Canadian public libraries. Review the GiftWorks program restrictions:

http://ga0.org/ct/t1LRaAn1tLaJ/

 

============================================

STAY SAFE WITH NEW NORTON INTERNET SECURITY 2008
============================================

Is every computer in your organization protected against viruses, worms, Trojan horses, spyware, adware, and hackers? If not, consider requesting the latest donated software from Symantec that protects you from all of these threats: Norton Internet Security 2008.

 

Some benefits of this new version include:

 

* Auto-Protect scans all incoming and outgoing email messages and attachments, including compressed files, to help ensure they are not infected.

 

* Phishing protection checks visited Web sites against a global “blocklist” of known phishing sites that is updated in real time.

 

* Network Detector automatically detects and blocks unknown computers from connecting to your computer on public networks, including wireless networks.

 

Norton Internet Security 2008 is available through TechSoup Stock in license packs of 1, 5, 10 and 25 users for administrative fees ranging from $15-$98, thanks to a generous donation from Symantec. Learn more and place your donation request today:

http://ga0.org/ct/g1LRaAn1tLaV/

 

ADDITIONAL SECURITY SOFTWARE DONATIONS FROM SYMANTEC

* If you’re a Mac user, learn more about Norton Internet Security 3.0 for Macintosh:

http://ga0.org/ct/gdLRaAn1tLaC/

 

* Norton AntiVirus 2008 was recently added to the TechSoup Stock catalog: http://ga0.org/ct/tpLRaAn1tLaZ/

 

* Browse all Symantec products and learn more about Symantec donation programs here:

http://ga0.org/ct/t7LRaAn1tLaK/

 

ELIGIBILITY

U.S. 501(c)(3) nonprofits, Canadian Registered Charities, and U.S. 501(c)(3) libraries. Review the Symantec Desktop Program restrictions:

http://ga0.org/ct/67LRaAn1tLzM/

 

============================================

SYMANTEC BACKUP EXEC RETURNS TO TECHSOUP STOCK
============================================

Backup Exec 11d for Windows Servers, which was very popular with nonprofits last time it was available, has returned to TechSoup Stock thanks to a generous donation from Symantec.

 

This software provides your organization with continuous disk-based and traditional tape-based data protection. It can protect a single server, multiple servers, a storage area network, or a large enterprise.

 

The backup media server’s administration console provides an intuitive interface and wizards to simplify installation, setup, backup, and recovery. A Web-based search engine lets end users retrieve previous versions of files stored on the file server from the Internet without contacting IT.

 

Symantec Backup Exec 11d for Windows Servers is available through TechSoup Stock for an administrative fee of $59 (as compared to a retail value of $930). Learn more and place your donation request:

http://ga0.org/ct/b7LRaAn1tLzS/

 

Browse all Symantec products and learn more about Symantec donation programs here:

http://ga0.org/ct/t7LRaAn1tLaK/

 

ELIGIBILITY

U.S. 501(c)(3) nonprofits (excluding libraries) and Canadian Registered Charities. Review the Symantec Enterprise Program restrictions:

http://ga0.org/ct/6dLRaAn1tLzA/

 

============================================

NEW — CISCO GIGABIT ETHERNET SFP MODULE
============================================

The GLC-SX-MM is one of Cisco’s 1000BASE-SX Small Form-Factor Pluggable (SFP) transceivers. These hot-swappable input/output devices plug into a Gigabit Ethernet port or slot, linking the port with the fiber-optic network. This SX model operates on ordinary multimode fiber-optic (MMF) link spans of up to 550 meters in length.

 

This product is hot-swappable when deployed, so the switch or router does not have to reboot. Also, it is interchangeable with other 1000BASE-SX SFPs on the same line card.

 

Cisco’s GLC-SX-MM is available through TechSoup Stock for an administrative fee of $44 (as compared to a retail value of $500) thanks to a generous donation from Cisco. Learn more and place your donation request:

http://ga0.org/ct/bdLRaAn1tLzz/

 

The Cisco Donation Program at TechSoup Stock allows eligible organizations to select from a variety of firewalls, routers, switches, and wireless products. View all Cisco product donations:

http://ga0.org/ct/tdLRaAn1tLaD/

 

ELIGIBILITY: U.S. 501(c)(3) nonprofits with additional restrictions. Eligible nonprofit organizations may request donated products with administrative fees totaling up to $1,200 per fiscal year. View complete eligibility restrictions:

http://ga0.org/ct/61LRaAn1tLz_/

 

============================================

CAN MY ORGANIZATION RECEIVE SOFTWARE FROM TWO DONATION PROGRAMS?

============================================

We frequently hear the following type of question:

 

Q: “If I’ve received donations from the Symantec Donation Program on TechSoup Stock, can I still request products from the Microsoft Software Donation Program on TechSoup Stock?”

 

A: If your organization has ordered from the Symantec Donation Program (or other donation program) at TechSoup Stock, this does not affect your organization’s eligibility to request donations from Microsoft. Each of the donation programs at TechSoup Stock has independent donation guidelines, and your organization may be eligible for products from MULTIPLE donation programs. Visit this Web page to review the eligibility requirements and restrictions of the donation programs that your organization is interested in: http://ga0.org/ct/bpLRaAn1tLzL/

 

============================================

TELL A FRIEND ABOUT TECHSOUP STOCK

============================================

As a nonprofit helping other nonprofits get the technology they need, TechSoup Stock depends on your referrals to reach organizations in the U.S. and Canada that might not know about our service. Please visit the link below to tell nonprofits and public libraries you know about our service and how they might benefit:

http://ga0.org/ct/6pLRaAn1tLzN/

 

============================================

QUESTIONS?

============================================

If you have questions about our donation programs that were not addressed by this email or the program pages on our Web site, please feel free to contact our Customer Service Department via email at newproducts@techsoup.org or call us at 1-800-659-3579, extension 700. TechSoup Stock Customer Service is available Monday-Friday, from 8 a.m. to 5 p.m. Pacific time. In addition, you can get answers to your questions at our online Email and Answer Center at http://ga0.org/ct/g7LRaAn1tLz1/.

 

Sincerely,

 

Rebecca Masisak

Co-CEO, CompuMentor/TechSoup

http://www.techsoup.org/stock

http://www.techsoup.org/stock/libraries (libraries start here)


WatchGuard Releases Firebox X Edge e-Series 8.6.2

December 17, 2007

WatchGuard is pleased to announce the availability of Firebox X Edge e-Series system software 8.6.2, the latest version of software available for Edge e-Series appliances.

We have substantially improved the software quality of this release by resolving issues in a number of functional areas; most significantly, resolution of a bug in our remote access controls. This bug would allow an unauthenticated user who has access to the administrative interface of an Edge appliance running 8.x firmware to reboot it without first authenticating.

In addition, this release includes an updated Japanese Web UI. Please see the release notes for a complete list of resolved issues.

We strongly recommend that all customers download and install this release to upgrade their Edge e-Series appliance.

What’s new with Edge e-Series 8.6.2

This release fixes a number of bugs in the Edge 8.x firmware, provides an updated Japanese user interface, and fixes a security flaw in the Edge 8.x firmware.

In Edge 8.x, we provide two basic controls to prevent anyone but the administrator from performing administrative functions such as changing the configuration or rebooting the appliance. Those controls are a password and the proper IP address. In 8.6.2, we have fixed a bug which made it possible to reboot the Edge without using a password. The bug was in a UI component no longer used by the Edge e-series UI. Our thanks go to Ulf Schröder at Wick-Hill GmbH and Andreas Rietmann of true networks e.K. for their assistance in identifying this bug.
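The design point behind this class of fix, shown here as an added example that is not WatchGuard’s code and does not describe how the Edge firmware is built: when every administrative action is reachable only through one dispatcher that enforces both controls (permitted source address and password), a handler that is no longer wired into the table cannot be reached at all, and a handler that is wired in cannot skip the checks. ADMIN_NETWORK, the placeholder password, the action names and the sample requests are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from hmac import compare_digest
from typing import Callable, Dict, Optional

# Assumed configuration for this example (not a real device's settings).
ADMIN_NETWORK = ipaddress.ip_network("192.0.2.0/24")   # TEST-NET-1 as the permitted management subnet
ADMIN_PASSWORD = "example-placeholder-password"          # placeholder; a real appliance stores a hash


@dataclass
class Request:
    source_ip: str
    action: str
    password: Optional[str] = None


class Denied(Exception):
    """Raised when a request fails a control; the handler is never invoked."""


def reboot() -> str:
    return "rebooting"


def save_config() -> str:
    return "configuration saved"


def status() -> str:
    return "up"


# Every state-changing action lives in this table and nowhere else, so a
# handler that is removed from it (the "no longer used" case) is unreachable.
ADMIN_ACTIONS: Dict[str, Callable[[], str]] = {"reboot": reboot, "save_config": save_config}
# Read-only actions are the only exemption; anything in doubt belongs above.
READ_ONLY_ACTIONS: Dict[str, Callable[[], str]] = {"status": status}


def authorise(req: Request) -> None:
    """Enforce both controls: permitted source address AND correct password."""
    try:
        src = ipaddress.ip_address(req.source_ip)
    except ValueError:
        raise Denied("malformed source address") from None
    if src not in ADMIN_NETWORK:
        raise Denied("source address not permitted to administer the device")
    # A missing password is rejected outright; compare_digest keeps the
    # comparison constant-time when one is supplied.
    if req.password is None or not compare_digest(req.password, ADMIN_PASSWORD):
        raise Denied("authentication required")


def dispatch(req: Request) -> str:
    """Single entry point: authorisation is decided here, before any handler runs."""
    if req.action in ADMIN_ACTIONS:
        authorise(req)
        return ADMIN_ACTIONS[req.action]()
    if req.action in READ_ONLY_ACTIONS:
        return READ_ONLY_ACTIONS[req.action]()
    raise Denied(f"unknown action {req.action!r}")


def outcome(req: Request) -> str:
    """Run a request and return its result or the denial reason (for batch checks)."""
    try:
        return dispatch(req)
    except Denied as exc:
        return f"denied: {exc}"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    Request("192.0.2.10", "reboot", ADMIN_PASSWORD),      # both controls satisfied
    Request("192.0.2.10", "reboot"),                      # right network, no password
    Request("198.51.100.7", "reboot", ADMIN_PASSWORD),    # right password, wrong network
    Request("192.0.2.10", "legacy_reboot", ADMIN_PASSWORD),  # handler not in the table
    Request("192.0.2.10", "status"),                      # read-only, no auth needed
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(f"{req.source_ip:14s} {req.action:14s} -> {outcome(req)}")
```

The check worth carrying over to any management interface is that authorisation is not a property of each handler but of the dispatcher: a second entry point (an old UI component, a debug page, a CGI left in the image) that calls a handler directly is exactly the gap a central gate closes.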

If you have further questions about this bug or security concerns about any of WatchGuard’s products, please contact:

Steve Fallin | Director, Rapid Response Team
Product Manager, LiveSecurity

+1 206.521.8373
steve.fallin@watchguard.com

Does this release pertain to me?

The Firebox X Edge e-Series 8.6.2 software will only work with Firebox X Edge e-Series models. It will not operate (and cannot be installed) on other Firebox X Edge models (wired or wireless), SOHO 6 (wired or wireless), S6 (wired or wireless), or SOHO models.

Upgrade Path

There is a specific upgrade path that needs to be followed for installing this release. Please use the following chart to determine your upgrade path:

If you are currently running:        Install in this order:
Edge e-Series v8.0                   Edge e-Series v8.0.1 -> 8.0.3 -> 8.6.2
Edge e-Series v8.0.3 or later        Edge e-Series v8.6.2

Please refer to the system status page of your Edge e-Series device to determine which version of software you currently have installed.

How do I get this release?

Firebox X Edge e-Series owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading it from the Software Downloads Web page. Firebox X Edge e-Series owners who do not have a current LiveSecurity Service subscription should contact support for instructions on downloading a version of this update. Be sure to read the accompanying release notes for the complete list of bug fixes, as well as installation instructions, limitations, and known issues. If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. Customers: 877.232.3531
  • International Customers: +1.206.613.0456

Authorized WatchGuard Resellers: 206.521.8375


Trio of Quicktime Media Handling Flaws Lets Attackers Own Your PC

December 17, 2007

Severity: High

13 December, 2007

Summary:

  • This vulnerability affects: Quicktime 7.3 for Mac and PC (and possibly earlier versions)
  • How an attacker exploits it: By enticing your users to download and play a malicious Quicktime media file
  • Impact: Attacker executes code on your user’s computer, potentially gaining complete control of it
  • What to do: If you allow Quicktime (or iTunes), upgrade to 7.3.1. Otherwise, remove these applications from your company’s computers.

Exposure:

Today, Apple released an alert fixing three vulnerabilities in their popular media player application, Quicktime. (Current versions of iTunes also ship with Quicktime; if your users have iTunes, they most likely have Quicktime.) These applications run on Windows and Macintosh computers, and both platforms are susceptible to exploitation of these security flaws. Apple’s alert specifies Vista and XP SP2 as the vulnerable versions of Windows.

Though they differ technically, the three vulnerabilities all relate to the way Quicktime improperly handles different types of multimedia — and the results of the exploits are similar. If an attacker can get one of your users to open a maliciously crafted multimedia file, he could trigger any of these flaws to execute code on your user’s computer, with the same privileges and permissions your user has. If your users have local administrative privileges, the attacker could gain complete control of their machines. The primary difference of note between these flaws involves which media file the attacker can use to exploit them. The potentially dangerous files that could trigger these flaws are:

  • RTSP movies (.rtsp)
  • QTL files (.qtl)
  • Flash media (.swf, .fla)

Solution Path:

Apple has released Quicktime version 7.3.1 to correct these flaws. If you allow (or suspect that your users have installed) Quicktime or iTunes in your network, we recommend that users either remove the applications or install version 7.3.1.

The latest versions of Quicktime and iTunes for Windows ship with Apple Software Update. Apple Software Update automatically detects updates such as this one for Quicktime, then informs you, so that you can install the update as soon as possible. If you choose to allow Quicktime or iTunes in your network, we recommend you set Apple Software Update to check for new updates daily and allow it to assist you in keeping your Apple software current.

Note: By default, Apple ships Quicktime combined with iTunes. If you do not want iTunes, download the standalone version of Quicktime.

For All Users:

These attacks rely on one of your users downloading and opening any of several different file types. You can mitigate the risk of these vulnerabilities by configuring your WatchGuard Firebox to block the following file types using its SMTP and HTTP proxies:

  • .rtsp
  • .qtl
  • .swf
  • .fla

Note that blocking these file types will prevent your users from downloading them, whether the files are legitimate or malicious. Some of these file formats have legitimate business uses, and you may not want to block them in their entirety at your firewall. Whether you decide to block these file types or not, you should insist that users either remove Quicktime and iTunes, or install Apple’s Quicktime update as soon as possible.
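The two proxy controls described in the Flash alert above (“Allow only safe content types” with application/x-shockwave-flash removed, and “Deny unsafe filename patterns” with *.SWF) and the Quicktime file-type list here both come down to the same filter logic. The following is an added Python model of that logic, not WatchGuard’s code or a Firebox configuration; the safe-type list, the deny patterns and the traffic samples are assumptions made for the example. It covers both passages: the HTTP side checks the Content-Type header and the request path, the mail side checks attachment names, and both match case-insensitively so that *.SWF also stops movie.swf.

```python
import fnmatch
from dataclasses import dataclass

# Assumed policy for this example, modelling the two proxy controls the alerts
# describe: an HTTP content-type allow-list with the Flash type left off, and an
# attachment filename deny-list carrying the Flash and Quicktime extensions.
SAFE_CONTENT_TYPES = {
    "text/html", "text/plain", "text/css", "application/javascript",
    "image/jpeg", "image/png", "image/gif", "application/pdf",
}
UNSAFE_FILENAME_PATTERNS = ["*.swf", "*.fla", "*.rtsp", "*.qtl"]


@dataclass
class Verdict:
    allowed: bool
    reason: str


def filename_denied(name: str) -> bool:
    """True if the name matches a deny pattern. Matching is case-insensitive so a
    pattern entered as *.SWF also stops movie.swf and Movie.Swf."""
    lowered = name.lower()
    return any(fnmatch.fnmatchcase(lowered, pat) for pat in UNSAFE_FILENAME_PATTERNS)


def http_response_verdict(content_type_header: str, url_path: str) -> Verdict:
    """Decide whether an HTTP response may pass, from its Content-Type and request path."""
    # Drop parameters such as "; charset=utf-8" and normalise case before comparing;
    # an exact-string comparison against the raw header would miss most responses.
    media_type = content_type_header.split(";", 1)[0].strip().lower()
    if media_type not in SAFE_CONTENT_TYPES:
        return Verdict(False, f"content type {media_type!r} is not on the safe list")
    # A server can label a Flash file as text/plain, so the path is checked as well.
    if filename_denied(url_path.rsplit("/", 1)[-1]):
        return Verdict(False, f"path {url_path!r} matches a denied filename pattern")
    return Verdict(True, "allowed")


def attachment_verdict(filename: str) -> Verdict:
    """Decide whether a mail attachment may pass, based on its filename."""
    if filename_denied(filename):
        return Verdict(False, f"attachment {filename!r} matches a denied filename pattern")
    return Verdict(True, "allowed")


# Constructed traffic samples (not captured data).
HTTP_SAMPLES = [
    ("text/html; charset=utf-8", "/index.html"),
    ("application/x-shockwave-flash", "/ads/banner.swf"),
    ("text/plain", "/downloads/Movie.SWF"),        # Flash file with a misleading type
    ("image/png", "/logo.png"),
]
ATTACHMENT_SAMPLES = ["report.pdf", "greeting.QTL", "clip.fla", "notes.txt"]


def blocked_count() -> int:
    """Number of samples the policy blocks; the remainder pass as legitimate traffic."""
    http_verdicts = [http_response_verdict(ct, path) for ct, path in HTTP_SAMPLES]
    mail_verdicts = [attachment_verdict(name) for name in ATTACHMENT_SAMPLES]
    return sum(1 for v in http_verdicts + mail_verdicts if not v.allowed)


if __name__ == "__main__":
    for ct, path in HTTP_SAMPLES:
        v = http_response_verdict(ct, path)
        print(f"HTTP {path:24s} {'pass ' if v.allowed else 'BLOCK'}  {v.reason}")
    for name in ATTACHMENT_SAMPLES:
        v = attachment_verdict(name)
        print(f"MAIL {name:24s} {'pass ' if v.allowed else 'BLOCK'}  {v.reason}")
```

Two consequences of this shape are the ones the alerts warn about: a legitimate .swf or .qtl is blocked just like a malicious one, and an allow-list on content type also stops any response whose type is not on the list (a video/mp4 stream, for instance), so the list has to be maintained rather than set once.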

If you want to block these media files using your Firebox’s SMTP and HTTP proxies, refer to the links below:

Status:

Apple released Quicktime 7.3.1, which fixes this issue.

References:


Java Poses Significant Security Threat to OS X

December 17, 2007

Severity: Medium

14 December, 2007

Summary:

  • This vulnerability affects: OS X 10.4.x (not Leopard, 10.5)
  • How an attacker exploits it: By enticing your users to a malicious web site
  • Impact: Attacker executes code on your user’s computer, or modifies your user’s Keychain (passwords), potentially gaining complete control of your user’s computer
  • What to do: Install Java Release 6 as soon as possible

Exposure:

Today, Apple issued an alert fixing multiple vulnerabilities in the Java component that ships with OS X 10.4. Leopard (10.5) users are not affected by these vulnerabilities. Apple doesn’t explain these vulnerabilities in technical detail; instead, they describe the potential impact of these flaws. For instance, an attacker can exploit multiple unspecified flaws in Java and Java2 Standard Edition (J2SE) to either execute code or elevate his privileges on your user’s OS X computer. An attacker could also exploit another unspecified Java flaw to add or remove items from your user’s Keychain, which is essentially OS X’s password store. More simply, the attacker can mess with your passwords. In order to exploit any of these vulnerabilities, an attacker would have to entice one of your OS X users into visiting a malicious web page containing specially crafted Java code.

Solution Path:

Apple has issued Java Release 6 for OS X 10.4 to correct these flaws. If you manage OS X 10 computers, we recommend you download, test and deploy Java Release 6 [direct link to dmg] as soon as possible.

OS X’s Software Update automatically detects updates such as this one for OS X and then informs you, so that you can install the update as soon as possible. We recommend that you set Software Update to check for new updates daily, and allow it to assist you in keeping your Apple software current.

For All Users:

These attacks rely on one of your users visiting a web page containing malicious Java bytecode. The HTTP-Proxy policy that ships with most Firebox models automatically blocks Java bytecode by default. If you manage a Firebox with its default HTTP-Proxy, your users will not be able to download the malicious code needed to trigger many of these vulnerabilities.

Status:

Apple has released Java Release 6, which fixes these issues.

References:


Cumulative IE Patch Remedies Four Critical Vulnerabilities

December 12, 2007

Severity: High

11 December, 2007

Summary:

Today, Microsoft released a security bulletin describing four vulnerabilities in Internet Explorer. By tricking one of your users into visiting a maliciously crafted web page or into opening a maliciously crafted HTML email, an attacker could exploit any of these new vulnerabilities to execute code on your user’s computer, with your user’s privileges. In the worst case, the attacker could gain complete control of the victim computer. If you use Internet Explorer in your network, you should download, test, and deploy the appropriate Internet Explorer patches immediately. The patches fix all previous vulnerabilities, in addition to the newly announced flaws.

Exposure:

In a security bulletin released today as part of their monthly patch update, Microsoft describes four vulnerabilities in Internet Explorer (IE) versions 5.01, 6.0, and 7.0. Though they differ technically, all four vulnerabilities share the same general flaw. IE doesn’t properly handle certain HTML objects, which causes memory corruption. By luring one of your users into visiting a maliciously crafted web page, an attacker can exploit these memory corruption vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could gain complete control of the victim computer.

Solution Path:

These patches fix serious issues. You should download, test, and deploy the appropriate IE patches as soon as possible.

For All WatchGuard Users:

These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:


Windows Media Handling Components Cause Security Grief

December 12, 2007

Severity: High

11 December, 2007

Summary:

Today, Microsoft released two security bulletins describing vulnerabilities that affect components Windows uses to handle multimedia (specifically, DirectX and the Windows Media File Format Runtime). A remote attacker could exploit the flaws in these components to execute code on your Windows PC, potentially gaining complete control of it. If you manage a Windows network, you should download, test, and deploy the appropriate patches throughout your network as soon as possible.

Exposure:

Microsoft’s security bulletins detail vulnerabilities found in two Windows components used to handle multimedia. We summarize these vulnerabilities below:

MS07-064: Two Remote Code Execution Vulnerabilities in DirectX

DirectX is a multimedia-handling component that ships with all current versions of Windows. According to Microsoft, DirectX suffers from a couple of remote code execution vulnerabilities because it improperly parses certain multimedia files. The vulnerabilities differ technically, but share the same scope and impact. By enticing one of your users into opening a malicious media file, an attacker can exploit these vulnerabilities to execute code on your user’s computer, with your user’s privileges. If your user has local administrative privileges, the attacker gains complete control of your user’s machine. The only difference of note between these flaws involves which media file the attacker can use to exploit them. The potentially dangerous files that could trigger these flaws are:

  • AVI Video files (.avi)
  • WAV sound files (.wav)
  • SAMI files (.sami or .smi)

Microsoft rating: Critical.

MS07-068: Windows Media File Format Runtime Code Execution Vulnerability

The Windows Media File Format Runtime is a component Windows uses to play various Windows Media file types, such as WMV or WMA. The Windows Media File Format Runtime suffers from a vulnerability due to its inability to properly parse Advanced System Format (ASF) streaming media. By enticing one of your users into opening a specially crafted ASF file, or enticing them to a web site that contains an ASF stream, an attacker could exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. As usual, if your user has local administrative privileges, attackers could leverage this flaw to take over your user’s computer.
Microsoft rating: Critical.

Solution Path

Microsoft has released patches for DirectX and Windows Media File Format Runtime to correct these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

MS07-064:

MS07-068:

For All WatchGuard Users:

You can mitigate the risk of these vulnerabilities by configuring your WatchGuard Firebox to block the following file types using its SMTP and HTTP proxies:

  • .avi
  • .wav
  • .smi
  • .sami
  • .asf

Keep in mind, blocking these file types will prevent your users from downloading them, whether the files are legitimate or malicious. Some organizations prefer to allow these media files into their network. Whether you decide to block these file types or not, applying Microsoft’s patches is the best solution.

If you want to block these media files using your Firebox’s SMTP and HTTP proxies, refer to the links below:
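
The extension list above is what a proxy rule keys on, but a file renamed from .avi to .jpg is still an AVI to the DirectX and Windows Media parsers described in MS07-064 and MS07-068. The added example below (not WatchGuard code or a Firebox configuration) models what a content rule on an HTTP or SMTP proxy should decide: block on the alert's extension list, on the usual MIME types for those formats (an assumed list, not from the alert), and on the file's own header bytes, so a renamed media file is still caught. The URLs and sample bodies are constructed for the demonstration; the RIFF and ASF header values come from the published format specifications.

```python
"""Added example: extension + content-type + content-signature filter for the media
formats named in MS07-064 / MS07-068. Not WatchGuard Firebox code; it models the
decision a proxy content rule would make for one download or attachment."""
import os
import struct
from typing import Optional, Tuple

# File extensions the alert recommends blocking on the Firebox SMTP/HTTP proxies.
BLOCKED_EXTENSIONS = {".avi", ".wav", ".smi", ".sami", ".asf"}

# Common MIME types for the same formats (assumed list, not taken from the alert).
BLOCKED_CONTENT_TYPES = {
    "video/x-msvideo",            # AVI
    "audio/wav", "audio/x-wav",   # WAV
    "video/x-ms-asf",             # ASF
}

# On-disk form of the ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C
# (first three fields little-endian), which begins every ASF file.
ASF_HEADER_OBJECT = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")


def sniff_media_type(prefix: bytes) -> Optional[str]:
    """Identify AVI, WAV, ASF or SAMI from the first bytes of a body, ignoring its name."""
    if len(prefix) >= 12 and prefix[:4] == b"RIFF":
        fourcc = prefix[8:12]          # RIFF form type follows the 4-byte chunk size
        if fourcc == b"AVI ":
            return "avi"
        if fourcc == b"WAVE":
            return "wav"
    if prefix[:16] == ASF_HEADER_OBJECT:
        return "asf"
    if prefix.lstrip()[:6].upper() == b"<SAMI>":   # SAMI captions are plain text
        return "sami"
    return None


def extension_of(url: str) -> str:
    """Lower-cased extension of the URL path, ignoring query string and fragment."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    return os.path.splitext(path.rsplit("/", 1)[-1])[1].lower()


def should_block(url: str, content_type: str, body_prefix: bytes) -> Tuple[bool, str]:
    """Decide whether a proxy should drop this object and say which rule matched."""
    ext = extension_of(url)
    if ext in BLOCKED_EXTENSIONS:
        return True, f"extension {ext}"
    ctype = content_type.split(";", 1)[0].strip().lower()
    if ctype in BLOCKED_CONTENT_TYPES:
        return True, f"content-type {ctype}"
    sniffed = sniff_media_type(body_prefix)
    if sniffed is not None:
        return True, f"content signature {sniffed}"
    return False, "allowed"


# Constructed sample bodies (not real media files); only the headers matter here.
SAMPLE_AVI = b"RIFF" + struct.pack("<I", 4) + b"AVI " + b"\x00" * 8
SAMPLE_WAV = b"RIFF" + struct.pack("<I", 4) + b"WAVE" + b"\x00" * 8
SAMPLE_ASF = ASF_HEADER_OBJECT + b"\x00" * 16
SAMPLE_SAMI = b"<SAMI>\n<HEAD><TITLE>caption</TITLE></HEAD>\n"
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 12


def run_demo():
    """Run the filter over constructed requests; returns one (blocked, reason) per case."""
    cases = [
        ("http://media.example.test/clip.avi", "application/octet-stream", b""),
        ("http://media.example.test/holiday.jpg", "image/jpeg", SAMPLE_AVI),   # renamed AVI
        ("http://media.example.test/stream?id=7", "video/x-ms-asf", b""),
        ("http://media.example.test/notes.txt", "text/plain", SAMPLE_SAMI),
        ("http://media.example.test/holiday.jpg", "image/jpeg", SAMPLE_JPEG),  # benign
    ]
    return [should_block(url, ctype, body) for url, ctype, body in cases]


if __name__ == "__main__":
    for blocked, reason in run_demo():
        print("BLOCK" if blocked else "ALLOW", reason)
```

The second case is the one an extension-only rule misses: the name says .jpg, the Content-Type says image/jpeg, but the RIFF header says AVI. A real proxy would apply this check to the first few hundred bytes of the response or attachment before releasing the rest.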

Status:

Microsoft has released patches correcting these issues.

References:

Microsoft Security Bulletin MS07-068


Hodgepodge of Windows Vulnerabilities Poses Moderate Risk

December 12, 2007

11 December, 2007

Summary:

Today, Microsoft released four security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for December and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s four security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-063: Windows Vista SMBv2 Signing Vulnerability

Server Message Block (SMB) is the file and printer sharing protocol used by Windows. SMB version 2 (SMBv2) is an updated version of SMB, supported by Windows Vista and the upcoming Server 2008. SMBv2 allows for packet signing, which adds an extra layer of authentication and security to SMB communications. When your computer receives a properly signed SMBv2 packet, the packet’s signature should guarantee the authenticity of its sender. However, Microsoft’s alert warns of an unspecified flaw in the implementation of SMBv2 signing in Windows Vista. An attacker could exploit this flaw to modify SMBv2 packets even though they still retain seemingly authentic SMBv2 signatures. An attacker could then leverage this vulnerability to impersonate a trusted user on your network, which allows the attacker to execute code on your computers with the impersonated user’s privileges. The impact of this vulnerability is reduced by the fact that most administrators don’t allow SMB traffic through their firewalls. Furthermore, most administrators don’t use SMBv2 at all. This vulnerability poses primarily an internal threat.
Microsoft rating: Important.
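
Packet signing is only worth the name if the receiver recomputes the signature over the bytes it actually received. The added example below (constructed for illustration, not Microsoft's SMBv2 code) models signing the way SMB 2.x does it: an HMAC-SHA256 over the whole message with the 16-byte Signature field zeroed, of which the first 16 bytes are stored in that field. The header layout, session key and message bodies are assumptions for the demonstration. A correct verifier accepts the genuine message and rejects one whose body was altered while the original signature bytes were kept, which is exactly the guarantee the alert describes.

```python
"""Added example: a simplified model of SMB2-style per-message signing and verification.
Constructed for illustration; not Microsoft's SMBv2 implementation."""
import hashlib
import hmac
import struct

SIG_LEN = 16  # SMB2's Signature header field is 16 bytes


def sign(key: bytes, header: bytes, body: bytes) -> bytes:
    """Return header || signature || body. The MAC is computed over the message with
    the signature field zeroed, and truncated to 16 bytes as SMB 2.x does."""
    unsigned = header + bytes(SIG_LEN) + body
    tag = hmac.new(key, unsigned, hashlib.sha256).digest()[:SIG_LEN]
    return header + tag + body


def verify(key: bytes, msg: bytes, header_len: int) -> bool:
    """Recompute the MAC over the received bytes and compare in constant time."""
    if len(msg) < header_len + SIG_LEN:
        return False
    header = msg[:header_len]
    tag = msg[header_len:header_len + SIG_LEN]
    body = msg[header_len + SIG_LEN:]
    expected = hmac.new(key, header + bytes(SIG_LEN) + body, hashlib.sha256).digest()[:SIG_LEN]
    return hmac.compare_digest(tag, expected)


# Constructed header: two little-endian uint32 fields (command id, message id).
HEADER_LEN = 8
SESSION_KEY = b"constructed-session-key-not-real"   # assumed; derived per session in SMB2


def build(command: int, msg_id: int, body: bytes) -> bytes:
    """Assemble and sign a message with the constructed header layout."""
    return sign(SESSION_KEY, struct.pack("<II", command, msg_id), body)


def tamper_demo():
    """Return (genuine_ok, modified_ok) for a correct verifier: the original message
    verifies; a message with the same signature bytes but a changed body does not."""
    genuine = build(5, 42, b"\\\\server\\share\\payroll.xlsx")
    sig = genuine[HEADER_LEN:HEADER_LEN + SIG_LEN]
    modified = genuine[:HEADER_LEN] + sig + b"\\\\server\\share\\public.txt"
    return verify(SESSION_KEY, genuine, HEADER_LEN), verify(SESSION_KEY, modified, HEADER_LEN)


if __name__ == "__main__":
    genuine_ok, modified_ok = tamper_demo()
    print("genuine message verifies:", genuine_ok)
    print("modified message verifies:", modified_ok)
```

The signature field is zeroed before the MAC is computed on both sides so that the tag itself is not part of its own input; the constant-time comparison avoids leaking how many leading bytes of a guessed tag were correct. A signature that still "looks authentic" after the body changes can only happen when the receiver skips or short-circuits this recomputation.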

MS07-065: Windows Message Queuing Buffer Overflow Vulnerability

Windows Message Queuing is a technology that allows Windows applications to communicate with one another, even when each application happens to run at different times (learn more about Message Queuing on Microsoft’s site). The Message Queuing component that ships with Windows 2000 and XP suffers from a buffer overflow vulnerability. By sending a specially-crafted message to a Windows computer that uses the Message Queuing component, an attacker can exploit this flaw to gain complete control of that machine. To exploit this flaw in Windows XP, that attacker would need valid login credentials. However, he doesn’t need credentials to exploit the flaw against Windows 2000 machines. Windows does not install the Message Queuing component by default, greatly mitigating the threat of an attack exploiting this flaw.
Microsoft rating: Important.

MS07-066: Windows Vista Kernel Privilege Elevation Vulnerability

According to Microsoft, a Windows Vista Kernel component called Windows Advanced Local Procedure Call (ALPC) doesn’t properly validate “certain conditions in legacy reply paths.” This flaw leads to a privilege elevation vulnerability. If an attacker has valid login credentials for one of your Vista machines (even as a guest), and he writes a special program that leverages this ALPC flaw, he can exploit this vulnerability to gain full control of that Vista system. Of course, the attacker needs valid login credentials and access to your Vista machines in order to exploit this flaw. For those reasons, it poses minimal risk.
Microsoft rating: Important.

MS07-067: Macrovision Driver Privilege Elevation Vulnerability

Some versions of Windows ship with a Macrovision SafeDisc driver used to validate the authenticity of certain games that use SafeDisc CD copy protection technology. The Macrovision SafeDisc driver suffers from an elevation of privilege vulnerability involving its mishandling of configuration parameters. Like the flaw above, if an attacker has valid login credentials on one of your Windows machines (even as a guest), and he writes a special program that leverages this Macrovision driver flaw, he can exploit this vulnerability to gain full control of that system. Again, the attacker needs local access and login credentials in order to exploit this flaw. If an attacker has this level of control over your computers, you have much bigger problems to worry about.
Microsoft rating: Important.

Solution Path

Microsoft has released patches for Windows to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at their Product Support Services Web site.

MS07-063:

MS07-065:

Doesn’t affect 64-bit versions of XP, nor any other versions of Windows

MS07-066:

MS07-067:

For All WatchGuard Users:

WatchGuard Fireboxes, by default, reduce the risks presented by some of these vulnerabilities. However, attackers would exploit most of them locally, without passing traffic through your firewall. For that reason, we urge you to apply the patches above.

Status:

Microsoft has released patches correcting these issues.

References:

Microsoft Security Bulletin MS07-067